From 4cd2c8b6e5c5602a221125ef240ba0dfd3a7dbd1 Mon Sep 17 00:00:00 2001 From: Bruno Martins Date: Mon, 31 May 2021 01:44:58 +0100 Subject: [PATCH] sm8350-common: Bring up camera with enforcing SELinux SELinux is more and more annoying nowadays, we all know that... After spending hours to figure out why camera wasn't working while on enforcing mode, the audits finally showed up after booting into permissive mode. :S 05-31 01:19:55.133 877 877 I provider@2.4-se: type=1400 audit(0.0:456): avc: denied { read write } for name="capture" dev="sysfs" ino=116259 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 05-31 01:19:55.133 877 877 I provider@2.4-se: type=1400 audit(0.0:457): avc: denied { open } for path="/sys/kernel/tof_control/app0/capture" dev="sysfs" ino=116259 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 Change-Id: I1727b1a299a02f15b75dce9a4d5c72201f6632c3 --- sepolicy/vendor/file.te | 2 ++ sepolicy/vendor/genfs_contexts | 2 ++ sepolicy/vendor/hal_camera_default.te | 6 ++++++ 3 files changed, 10 insertions(+)
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index 131ac00..d87e163 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -18,7 +18,9 @@ type sysfs_fod, fs_type, sysfs_type;
 type sysfs_fsc, fs_type, sysfs_type;
 type sysfs_fuse, fs_type, sysfs_type;
 type sysfs_memplus, fs_type, sysfs_type;
+type sysfs_ois_control, fs_type, sysfs_type;
 type sysfs_project_info, fs_type, sysfs_type;
+type sysfs_tof_control, fs_type, sysfs_type;
 type sysfs_tpd, fs_type, sysfs_type;
 type sysfs_tri_state_key, sysfs_type, fs_type;
 type sysfs_vl53l1, fs_type, sysfs_type;
diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
index 71e3cb1..3414c1c 100644
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@@ -32,6 +32,8 @@ genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1
 genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/hbm u:object_r:sysfs_livedisplay_tuneable:s0
 genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/notify_dim u:object_r:sysfs_fod:s0
 genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/notify_fppress u:object_r:sysfs_fod:s0
+genfscon sysfs /kernel/ois_control u:object_r:sysfs_ois_control:s0
+genfscon sysfs /kernel/tof_control u:object_r:sysfs_tof_control:s0
 genfscon sysfs /module/memplus_core/parameters u:object_r:sysfs_memplus:s0
 genfscon sysfs /module/qpnp_smb5/parameters/call_on u:object_r:sysfs_dash_charger:s0
 genfscon sysfs /module/qpnp_smb5/parameters/video_call_on u:object_r:vendor_sysfs_video_call_on:s0
diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
index 35487cc..46d4ec6 100644
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -17,6 +17,12 @@ allow hal_camera_default vl53l1_device:chr_file rw_file_perms;
 allow hal_camera_default proc_meminfo:file r_file_perms;
 allow hal_camera_default vendor_sysfs_video_call_on:file rw_file_perms;
+allow hal_camera_default sysfs_ois_control:dir r_dir_perms;
+allow hal_camera_default sysfs_ois_control:file rw_file_perms;
+
+allow hal_camera_default sysfs_tof_control:dir r_dir_perms;
+allow hal_camera_default sysfs_tof_control:file rw_file_perms;
+
 get_prop(hal_camera_default, ctl_default_prop)
 get_prop(hal_camera_default, vendor_db_security_prop)
 get_prop(hal_camera_default, vendor_mmi_prop)
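Review bot: The two added `genfscon` entries in genfs_contexts label whole directories, `/kernel/ois_control` and `/kernel/tof_control`, and genfscon matches by path prefix, so every node beneath them receives the new type and becomes reachable through the rules granted on it. The only path quoted in the commit message is `/sys/kernel/tof_control/app0/capture`; if that is the only node the camera HAL touches, a narrower entry such as `genfscon sysfs /kernel/tof_control/app0/capture u:object_r:sysfs_tof_control:s0` would leave the rest of the directory under the default `sysfs` label. No denial for `ois_control` is shown at all, so the nodes under it that were actually denied should be listed before the whole tree is relabelled.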
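Review bot: The allow rules added in hal_camera_default.te grant more than the quoted audit lines justify: the denials cover `{ read write }` and `{ open }` on the `tof_control` `capture` file only, while the hunk also adds `rw_file_perms` on `sysfs_ois_control` and `r_dir_perms` on both types. If further denials were seen in permissive mode, quoting them in the commit message would back these rules; otherwise the ois pair can wait until a denial is observed, and the directory rules can probably be reduced, for instance `allow hal_camera_default sysfs_tof_control:dir search;` if only traversal is needed. A short comment above each pair, e.g. `# ToF sensor control nodes under /sys/kernel/tof_control (see avc denial on app0/capture)`, would record why the camera HAL holds write access to these sysfs nodes.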